Interact with the security community
CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking. The conference lasts for three days and features a single track of thought-provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field. We give preference to new and innovative material, highlighting important, emergent technologies, techniques, or best industry practices.
The conference is single track, with one-hour presentations over the duration beginning at 9:00 a.m. The registration fee includes the catered meals, and there will be a vendor display and lounge/eating area, where wireless internet access will be available (as well as in the speaking theater).
Important Note:
BOTH the Marriotts across the street from each other are now sold out, as is the Palisades. But not to worry, we have a large block reserved with discounted rates at the Sutton Place hotel on Burrard Street a few blocks away. This hotel is very nice and is very popular with all the film productions in town. Quote the group code VC080325CAN or the group name CanSecWest to get the discounted rate.
Sutton Place Hotel
845 Burrard Street
Vancouver, BC V6Z 2K6, Canada
(604) 682-5511
2008-03-20 21:33:00 CanSecWest PWN2OWN 2008
Three targets, all patched. All in typical client configurations with
typical user configurations. You hack it, you get to keep it.
Each has a file on them and it contains the instructions and how to claim the prize.
Targets (typical road-warrior clients):
- VAIO VGN-TZ37CN running Ubuntu 7.10
- Fujitsu U810 running Vista Ultimate SP1
- MacBook Air running OSX 10.5.2
This year's contest will begin on March 26th, and go during the presentation hours and breaks of the conference until March 28th. The main purpose of this contest is to present new vulnerabilities in these systems so that the affected vendor(s) can address them. Participation is open to any registered attendee of CanSecWest 2008.
Once you extract your claim ticket file from a laptop (note that doing so will involve executing code on the box; simple directory traversal style bugs are inadequate), you get to keep it. You also get to participate in 3com / Tipping Point's Zero Day Initiative, with the top award for remote, pre-auth vulnerabilities being increased this year. Fine print and details on the cash prizes are available from Tipping Point's DVLabs blog.
Quick Overview:
- Limit one laptop per contestant.
- You can't use the same vulnerability to claim more than one box, if it is a cross-platform issue.
- Thirty minute attack slots given to contestants at each box.
- Attack slots will be scheduled at the contest start by the methods selected by the judges.
- Attacks are done via crossover cable. (attacker controls default route)
- RF attacks are done offsite by special arrangement...
- No physical access to the machines.
- Major web browsers (IE, Safari, Konqueror, Firefox), widely used and deployed plugin frameworks (AIR, Silverlight), IM clients (MSN, Adium, Skype, Pidgin, AOL, Yahoo), and mail readers (Outlook, Mail.app, Thunderbird, kmail) are all in scope.
More detailed rules and fine print will be available on this site shortly.
2008-03-11 20:07:00 DTF Core and iSec
More details about the Microsoft Defend the Flag special two day Dojo:
Brad Hill of iSec Partners will conduct the hands-on Windows defense training module, which includes Windows host and service hardening, basic intrusion detection, forensics, and incident response while under attack. Alex Horan of Core will present the techniques and methodology of attack, leveraging the Core Impact tool.
Students will form teams containing both attackers and defenders. Teams will apply the lessons learned in attack and defense from Day One to the competition on Day Two. Winning will be judged on uptime of systems and services, execution of hardening steps, and proper defense of various "flags" on the systems being protected. The winning team members will take home a prize!! (No, it's not the laptops of the other teams. You're thinking of a different game. ;-)
2008-02-26 23:50:00 Hotels Belugas Dolphins Cold-Spray USB and Ski-Bunnies
Some news...
url: http://vanaqua.org/belugacam
That is a preview of what we have set up for CanSecWest's sponsor party. With a special thanks to Juniper and Microsoft, and a supporting cheer to Google and Mu, we'd like to thank them because they have set up for the attendees to be entertained at a private function at the Vancouver Aquarium on Thursday, March 27th. Loads of things to keep people of all ages amused. D.J. TBA.
--8<--
IMPORTANT NOTE: BOTH the Marriotts across the street from each other are now sold out, as is the Palisades. But not to worry, we have a large block reserved with discounted rates at the Sutton Place hotel on Burrard Street a few blocks away. This hotel is very nice and is very popular with all the film productions in town. Quote the group code VC080325CAN or the group name CanSecWest to get the discounted rate.
Sutton Place Hotel
845 Burrard Street
Vancouver, BC V6Z 2K6, Canada
(604) 682-5511
Book your hotel quickly because there is also a convention of archaeologists coming to town. We'll be doing employee surveys at Brandi's to see who are better tippers, computer security folks or archaeologists... :-P :-)
--8<--
Also on the late breaking news, we have a new topic for presentations....
I'm sure unless you've been hiding under rocks you've heard of the Princeton team's cold bits attacks... Two folks from Intelguardians, Tom Liston and Sherri Davidoff will be presenting some follow-on work and utilities to be released to the attendees so that you can test and verify the effects yourself... and they will be joined by Jacob Appelbaum, and William Paul from the original Princeton team. The subject at hand will be the actual tools and techniques developed so far. We are going to try to make it more workshoppy, but we'll figure that out shortly.
We haven't figured out if we are going to let any of these folks have physical access to the Pwn2Own machines :-), but all I can say is that gee the mac air's non swappable batteries and limitations might be a good thing in this case :)... It does have a nice kb though...
--8<--
Oh and I promised ski bunnies...
Ok for after the conference we have set up a block of hotel rooms at the Delta hotel in Whistler. The rooms are either one bedroom + living area and kitchen, or two bedroom and same:
- One bedroom (sleeps up to 4): $175+tax/night
- Two bedroom (sleeps up to 6 [?]) : $262+tax/night
The catch is also that we must book immediately because the entire town is approaching a sellout.
Most people are driving up to Whistler the Friday night (28th) and are leaving either Sunday or Monday. There are beginning skiers taking lessons and a large group of non-boarders/skiers who will be going snowmobiling (we are working on a group rate). There are many activities like helicopter tours, zip lines, shopping and other non-snow sports if that isn't your bag... oh and there is a wee bit of other snow sports too :-). We will try to arrange some carpooling up to the hill.
But if you are interested in these activities you have to speak now as we usually have more interest than beds. IF YOU WANT TO GO SKIING PLEASE NOTIFY US ASAP. No guarantees for rooms at Whistler after this week....


















